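<?php
  /**
   * Login handler: checks the posted email/password against the `users`
   * table and, on a match, stores the user's name, id and email in the
   * session before redirecting to profile.php.
   *
   * Nothing may be written to the response before the header() calls below.
   * The earlier debug dumps (posted fields including the password, and the
   * full SQL text) disclosed sensitive data and could stop the redirect from
   * being sent, so they have been removed.
   *
   * NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving to
   * PDO or mysqli prepared statements depends on the connection set up in
   * db.php, which is not visible here.
   */
  require_once('db.php');

  // Already signed in: go straight to the profile page. An empty or missing
  // id is treated as "not signed in".
  if (!empty($_SESSION['id'])) {
    header('location:profile.php');
    exit;
  }

  if (!empty($_POST['email']) && !empty($_POST['password'])) {
    // Escaping is only reliable when the connection character set is
    // configured on the link (mysql_set_charset) -- presumably done in
    // db.php; verify.
    $email = mysql_real_escape_string($_POST['email']);

    // NOTE(review): the password is escaped *before* hashing, so the hash
    // input differs from what the user typed whenever it contains quotes or
    // backslashes. Kept as-is because stored hashes may have been produced
    // the same way -- confirm against the registration code.
    $password = mysql_real_escape_string($_POST['password']);

    // NOTE(review): unsalted MD5 is not suitable for password storage.
    // Migrating to password_hash()/password_verify() requires re-hashing the
    // stored values, which cannot be done from this file alone.
    $password = md5(trim($password));

    $query = "SELECT * FROM `users` WHERE `email`='$email' AND `password`='$password' AND `status`='1'";
    $result = mysql_query($query);

    if ($result === false) {
      // Keep database error details in the server log, not in the response.
      error_log('Login query failed: ' . mysql_error());
      exit('Login is temporarily unavailable.');
    }

    if (mysql_num_rows($result) == 1) {
      $user = mysql_fetch_assoc($result);

      // Issue a fresh session id at the privilege change so that an id
      // planted before login (session fixation) is not carried over.
      if (session_id() !== '') {
        session_regenerate_id(true);
      }

      $_SESSION['name'] = $user['name'];
      $_SESSION['id'] = $user['id'];
      $_SESSION['email'] = $user['email'];

      header('location:profile.php');
      exit;
    } else {
      // pr() is not defined in this file; presumably a print helper from
      // db.php. The message does not reveal which field was wrong.
      pr(':( Sorry, login failed..');
    }
  } else {
    echo "Username / password required";
  }
?>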
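<!-- Login form: posts back to this page. No credentials are pre-filled, so none ship in the page source.
     Browser-side field validation is a convenience only; the server must still validate both fields. -->
<form action="" method="post">
  <input type="email" placeholder="My Email is.." name="email" autocomplete="username" required /><br>
  <input type="password" placeholder="My Password is.." name="password" autocomplete="current-password" required /><br>
  <input type="submit" value="login.." />
</form>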

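Email (SQL injection test input) : zeev@andi.com' OR '1'='1
Expected result: login fails, because the quote in the email value is escaped before the query is built.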
